
WHITEHAT SOFTWARE COMPOSITION ANALYSIS DATA SHEET

WhiteHat Software Composition Analysis

Check the Code that you Download


Developers use open source or third-party code components, frameworks, plug-ins, and libraries to significantly reduce software
development time. It’s been estimated that 90 percent of code includes open source platforms, inclusions, and third-party
libraries. Use of these components has many advantages, such as accelerating development, but it also introduces critical risk.

Applications are a popular attack vector, and new vulnerabilities are constantly being announced in open source code, platforms,
and libraries. WhiteHat Software Composition Analysis (SCA) lets you easily identify third-party components in your code and
discover potential security and licensing issues in third-party libraries. Whether you need to know all the open source and
third-party libraries your apps are using, whether they are using a preferred version of a library, or the license type for each of
these libraries, WhiteHat Sentinel SCA can help you bridge the gap between Security and Development to help facilitate DevSecOps.

KEY BENEFITS:
SINGLE PANE OF GLASS:
Fully integrated into WhiteHat Sentinel
Platform, along with static, dynamic, &
mobile findings

EFFORTLESS VISIBILITY:
Easily identify open source and third-party
components in your applications

GAIN CONFIDENCE:
Safely utilize open source and third-party
frameworks and libraries that are free from
known security issues

ENSURE COMPLIANCE:
Know the license type for the open source
and third-party components used in your
applications, to ensure compliance

IMPROVED QUALITY:
Ensure code consistency and quality by
knowing if the versions of open source
and third-party components used in your
application are out of date

Full Inspection of Third-Party Components


It’s imperative that companies have visibility into which software files have open source licenses, as many
frequently downloaded third-party components contain critical vulnerabilities, which can lead to serious exploits
and attacks. To fully understand your application vulnerabilities and the overall security posture of your web and
mobile applications, you need in-depth visibility into the third-party components that you are using.

WHITEHAT’S SOFTWARE COMPOSITION ANALYSIS PROVIDES:

• Full integration into the WhiteHat Sentinel Platform, for all your Application Security
needs

• Near zero false positives

• Remediation guidance and access to acclaimed WhiteHat Threat Research Center
Security Engineers

• Executive dashboard and reports with per application, per framework, & per license
breakdown of open source and third-party components used in all your applications

• License information for the open source and third-party components used in your
applications

• Component version information and whether it’s the most current or out of date

• Identification of Common Vulnerabilities and Exposures (CVEs)

• Integration with most popular ALM and bug tracking systems such as JIRA, Bugzilla,
HP Quality Center, ServiceNow, and many more.

• Support for the most popular languages including Java, C#.NET, JavaScript, and Obj-C.

WHITEHAT SECURITY, INC. 1741 Technology Dr. #300, San Jose, CA 95110 • 1.408.343.8300 • www.whitehatsec.com
© 2018 WhiteHat Security, Inc. All rights reserved. WhiteHat Security and the WhiteHat Security logo are registered
trademarks of WhiteHat Security, Inc. All other trademarks are the property of their respective owners.
